tag 883314 pending
thanks
Hello,
Bug #883314 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
https://anonscm.debian.org/cgit/collab-maint/wordpress.git/commit/?id=5d5ab9f
---
commit 5d5ab9f7749187a352c3db3bc765972c5cbf176e
Author: Craig Small <csm...@debian.org>
Date: Sat Dec 9 18:30:08 2017 +1100
Security backport from 4.9.1
Backport of 4 patches from 4.9.1 to address security issues.
Addresses CVE-2017-17091 CVE-2017-17092 CVE-2017-17093
and CVE-2017-17094
diff --git a/debian/changelog b/debian/changelog
index 5610d83..b18edcf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+wordpress (4.7.5+dfsg-2+deb9u2) stretch-security; urgency=high
+
+ * Backport security patches from 4.9.1 Closes: #883314
+ - CVE-2017-17091
+ Use a properly generated hash for the newbloguser key instead
+ of a determinate substring.
+ Changeset 42272
+ - CVE-2017-17092
+ Remove the ability to upload JavaScript files for users who
+ do not have the unfiltered_html capability
+ Changeset 42275
+ - CVE-2017-17093
+ Add escaping to the language attributes used on html elements
+ Changeset 42273
+ - CVE-2017-17094
+ Ensure the attributes of enclosures are correctly escaped in
+ RSS and Atom feeds
+ Changeset 42274
+
+ -- Craig Small <csm...@debian.org> Sat, 09 Dec 2017 18:13:16 +1100
+
wordpress (4.7.5+dfsg-2+deb9u1) stretch-security; urgency=medium
* Backport patches from 4.8.2 Closes: #876274
